Struggling with If Statements

I'm having problems understanding the values of my variables in PowerShell, and I check them with if statements.

$LDAPDirectoryService = '10.10.XXX.XXX:389'
$DomainDN = 'o=Enterprise'
#$LDAPFilter = '(&(objectCategory=Person)(memberOf=cn=alc-01-Planung-rw,ou=KT,o=enterprise))'

$LDAPFilter = '(&(cn=alc-01-Planung-rw))'

$null = [System.Reflection.Assembly]::LoadWithPartialName('System.Net')

$LDAPServer = New-Object System.DirectoryServices.Protocols.LdapConnection $LDAPDirectoryService
$LDAPServer.AuthType = [System.DirectoryServices.Protocols.AuthType]::Anonymous

$Scope = [System.DirectoryServices.Protocols.SearchScope]::Subtree
$AttributeList = @('*')

$SearchRequest = New-Object System.DirectoryServices.Protocols.SearchRequest -ArgumentList $DomainDN,$LDAPFilter,$Scope,$AttributeList

$groups = $LDAPServer.SendRequest($SearchRequest)
$groups

if ($groups -eq $null) {"No Group found"}
if ($groups -eq " ") {"No Group found"}

foreach ($group in $groups.Entries) {
    $users = $group.attributes['member'].GetValues('string') 
    foreach ($user in $users) {
        Write-Host $user
    }
}

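I want to check if the group exists and then if users are existing in this group. I tried many statements, but none of them seem to work. It's not null or blank, even though nothing is written to the console.

This is what I get when I use a group that does not exist:

Can anyone tell me a solution?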

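What version of PowerShell are you running? Why are you not using the built-in AD group cmdlets for this, or are you not on ADDS and using some other LDAP service?

Or are you perhaps on OSX/Linux and using PSCore, which does not have the ADDS/RSAT cmdlets, well, not yet?

As for your goal of …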

I want to check if the group exists and then if users are existing in this group.

… on Windows, with PowerShell 3x or higher, it is really just this…

# Get all AD groups and all members of each group
Clear-Host
(Get-ADGroup -Filter '*').Name | 
%{
    "`n*** The members of $PSItem are as follows: ***`n"
    If((Get-ADGroupMember -Identity $PSItem).Count -ge 1)
    {
        (Get-ADGroupMember -Identity $PSItem).SamAccountName
    }
    Else
    {
        Write-Warning -Message "$PSItem does not exist or has no members."
    }
}


# Filtered
Clear-Host
((Get-ADGroup -Filter '*').Name -match 'Domain Admins|Domain Users' ) | 
%{
    "`n*** The members of $PSItem are as follows: ***`n"
    If((Get-ADGroupMember -Identity $PSItem).Count -ge 1)
    {
        (Get-ADGroupMember -Identity $PSItem).SamAccountName
    }
    Else
    {
        Write-Warning -Message "$PSItem does not exist or has no members."

    }
}

Though, using your LDAP approach... how about this...

'Administrators','Distributed COM Users' | 
ForEach {
    # Define the LDAP search root: a domain controller on the LDAP port (389)
    $sLDAPSearchRoot = "LDAP://$((Get-ADDomainController).IPv4Address):389"

    # The group name to look for
    ($sGroupName = "$_")

    # The LDAP query - query string
    $sSearchStr = "(&(objectCategory=group)(name="+$sGroupName+"))"

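    # Bind to the search root, then get the search object
    $oADRoot = New-Object System.DirectoryServices.DirectoryEntry($sLDAPSearchRoot)
    $oSearch = New-Object directoryservices.DirectorySearcher($oADRoot,$sSearchStr)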

    # Looking for the group
    $oFindResult = $oSearch.FindAll()

    # On success, get a DirectoryEntry object for the group
    $oGroup = New-Object System.DirectoryServices.DirectoryEntry($oFindResult.Path)


    # And list all members
    If (($oGroup.Member).Count -ge 1) 
    { 
        $oGroup.Member | 
        %{($oMembers = New-Object System.DirectoryServices.DirectoryEntry($sLDAPSearchRoot+"/"+$_))}
    }
    Else
    { Write-Warning -Message "$sGroupName does not exist or has no members"}
}
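
An added example, not part of the question or the answer above: with the question's `System.DirectoryServices.Protocols` approach, `SendRequest` returns a response object even when no entry matches, so the existence check goes on `Entries.Count` and the membership check on the presence of the `member` attribute. The function names `ConvertTo-LdapFilterValue` and `Get-LdapGroupMember` and the server name `ldap.example.test` are assumptions; the group name is escaped before it goes into the filter so special characters cannot change the query.

```powershell
# Added example; function names and the commented-out server name are assumptions.
Add-Type -AssemblyName System.DirectoryServices.Protocols

function ConvertTo-LdapFilterValue {
    # Escape the RFC 4515 special characters so a name cannot change the filter.
    param([Parameter(Mandatory)][string]$Value)
    $sb = New-Object System.Text.StringBuilder
    foreach ($c in $Value.ToCharArray()) {
        if ('\*()'.IndexOf($c) -ge 0 -or $c -eq [char]0) {
            [void]$sb.Append(('\{0:x2}' -f [int]$c))
        } else { [void]$sb.Append($c) }
    }
    $sb.ToString()
}

function Get-LdapGroupMember {
    param(
        [Parameter(Mandatory)][System.DirectoryServices.Protocols.LdapConnection]$Connection,
        [Parameter(Mandatory)][string]$BaseDN,
        [Parameter(Mandatory)][string]$GroupName
    )
    $filter   = '(cn={0})' -f (ConvertTo-LdapFilterValue $GroupName)
    $scope    = [System.DirectoryServices.Protocols.SearchScope]::Subtree
    $attrs    = @('member')
    $request  = New-Object System.DirectoryServices.Protocols.SearchRequest -ArgumentList $BaseDN,$filter,$scope,$attrs
    $response = $Connection.SendRequest($request)

    # SendRequest returns a response object even when nothing matches, so count
    # the entries instead of comparing the response with $null or ' '.
    if ($response.Entries.Count -eq 0) {
        Write-Warning "No group found for '$GroupName'"
        return
    }
    foreach ($entry in $response.Entries) {
        # A group without members has no 'member' attribute in the result.
        if (-not $entry.Attributes.Contains('member')) {
            Write-Warning "$($entry.DistinguishedName) exists but has no members"
            continue
        }
        $entry.Attributes['member'].GetValues([string])
    }
}

# Usage against the question's directory (server name is a placeholder):
# $conn = New-Object System.DirectoryServices.Protocols.LdapConnection 'ldap.example.test:389'
# $conn.AuthType = [System.DirectoryServices.Protocols.AuthType]::Anonymous
# Get-LdapGroupMember -Connection $conn -BaseDN 'o=Enterprise' -GroupName 'alc-01-Planung-rw'
```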